-----Original Message----- From: Jeff Chan [mailto:jeffc@surbl.org] Sent: Tuesday, March 22, 2005 7:23 AM To: users@spamassassin.apache.org; SURBL Discuss Subject: Re: ZDNET redirecting to spammer websites?
On Tuesday, March 22, 2005, 4:13:33 AM, Bobby Rose wrote:
Even though zdnet.com shouldn't be in SURBL, wouldn't having chkpt.zdnet.com (the actually site doing the redirect) be in SURBL?
Good thought, but there are two problems with that:
- SURBLs usually list only registered domains like zdnet.com
and not subdomains. Obviously we're not going to blacklist zdnet.com; it has too many legitimate uses.
- Similarly we can't list chkpt.zdnet.com. It's being abused,
but it clearly has legitimate uses too.
C&C warning.
I agree with Jeff :)
However I don't agree with a new mechanism in SA for scanning being the solution. ZDnet needs to shut this down and secure it. End of story. Even with a simple rule for SA you can tag it, but that doesn't help the people who don't use SA and will be fooled into installing malware thru this redirect. It has to be fixed. Its already been too long.
--Chris